package com.allinpay;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.junit.Test;

/**
 * @author : wushikai
 * <p>
 * date : 2020-09-01
 *
 * Shiro 对权限字符串缺失部分的处理
 *
 * 如“user:view”等价于“user:view:*”；而“organization”等价于“organization:*”或者“organization:*:*”。
 * 可以这么理解，这种方式实现了前缀匹配。
 *
 * 另外如“user:*”可以匹配如“user:delete”、“user:delete”可以匹配如“user:delete:1”、
 * “user:*:1”可以匹配如“user:view:1”、“user”可以匹配“user:view”或“user:view:1”等。即*可以匹配所有，不加*可以进行前缀匹配；
 * 但是如“*:view”不能匹配“system:user:view”，需要使用“*:*:view”，即后缀匹配必须指定前缀（多个冒号就需要多个*来匹配）。
 *
 *
 */
public class PermissionTest extends BaseTest{

    private final static Log log = LogFactory.getLog(PermissionTest.class);



    @Test
    public void testIsPermitted() {
        login("classpath:shiro-permission.ini", "admin", "123");
        //判断拥有权限：user:create
        log.info(getSubject().isPermitted("user:create"));

        log.info(getSubject().isPermitted("user:*"));

        //判断拥有权限：user:update and user:delete
        log.info(getSubject().isPermittedAll("user:update", "user:delete"));
        //判断没有权限：user:view
        log.info(getSubject().isPermitted("user:view"));
    }

    @Test(expected = UnauthorizedException.class)
    public void testCheckPermission() {
        login("classpath:shiro-permission.ini", "wang", "123");
        //断言拥有权限：user:create
        getSubject().checkPermission("user/create");
        //断言拥有权限：user:delete and user:update 老王是没有delete 权限的
        log.info(getSubject().isPermittedAll("user/delete", "user/update"));
        //断言拥有权限：user:view 失败抛出异常
        getSubject().checkPermissions("user/view");
    }


    @Test
    public void testWildcardPermission1() {
        login("classpath:shiro-permission.ini", "li", "123");

        log.info(getSubject().isPermitted("user/*"));

        getSubject().checkPermissions("system:user:update", "system:user:delete");
        getSubject().checkPermissions("system:user:update,delete");
    }

    @Test
    public void testWildcardPermission2() {
        login("classpath:shiro-permission.ini", "li", "123");
        getSubject().checkPermissions("system:user:create,delete,update:view");

        getSubject().checkPermissions("system:user:*");
        getSubject().checkPermissions("system:user");
    }

    @Test
    public void testWildcardPermission3() {
        login("classpath:shiro-permission.ini", "li", "123");
        getSubject().checkPermissions("user:view");

        getSubject().checkPermissions("system:user:view");
    }

    @Test
    public void testWildcardPermission4() {
        login("classpath:shiro-permission.ini", "li", "123");
        getSubject().checkPermissions("user:view:1");

        getSubject().checkPermissions("user:delete,update:1");
        getSubject().checkPermissions("user:update:1", "user:delete:1");

        getSubject().checkPermissions("user:update:1", "user:delete:1", "user:view:1");

        getSubject().checkPermissions("user:auth:1", "user:auth:2");

    }

    @Test
    public void testWildcardPermission5() {
        login("classpath:shiro-permission.ini", "li", "123");
        getSubject().checkPermissions("menu:view:1");

        getSubject().checkPermissions("organization");
        getSubject().checkPermissions("organization:view");
        getSubject().checkPermissions("organization:view:1");

    }


    @Test
    public void testWildcardPermission6() {
        login("classpath:shiro-permission.ini", "li", "123");
        getSubject().checkPermission("menu:view:1");
        getSubject().checkPermission(new WildcardPermission("menu:view:1"));

    }


}
